The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS: In the News
HPING3 Cheatsheet Posted by cdupuis on Wednesday, 03 March 2010 @ 10:57:45 EST (229 reads) Topic In the News
Security+ Tutorial for the CompTIA certification SY0-201 Posted by cdupuis on Saturday, 13 February 2010 @ 12:04:40 EST (6526 reads) Topic In the News
Good day to all,
Today I am proud and excited to announce our new series of Flash-based tutorials for the Security+ certification exam from CompTIA. Our intent is to produce one tutorial per domain, as well as MP3 files, quizzes, and cram study guides, to give you the ability to prepare for and pass the exam the first time you try it after you have studied all of the domains. The tutorial can be used as a supplement to your live classroom training or as your main source of study.
Countless hours have been spent on creating unique content that is well researched and well presented. We did produce quite a few diagrams using drawing tools such as Visio to help you understand key topics. The graphics and content are 100% from CCCure, and whenever we use resources such as books or online content we have included a reference to the source.
We hope that you will enjoy this new series of tutorials, and your feedback is most welcome. Feedback could include tips and tricks, reporting typos, suggesting new content, or anything else you think of that can help us improve the content and benefit others. If you know of URLs, documents, sites, or anything else related to the Security+ certification, please do let us know and we will add it to our download and links resources.
HOW MUCH WILL THIS COST ME?
This is always the big question. You probably heard me say in the past that NOTHING IS FREE, I still stand by this statement. However, I think I have an approach that is very appealing and you will most likely appreciate it.
I came out with this new DonationWare approach. The way it works is very simple: instead of buying the tutorials at $400 to $700, which is a lot of money, I will let you make use of and learn from my tutorials, and once you have made it through, you make a donation of an amount that you determine yourself, if you can afford it. It is totally up to you whether or not you wish to donate.
This is the approach I am going to use for the first domain of the Security+ series of tutorials. This approach is based on the honor system which is a great value from my military days. Nobody will be running after you with an AK47 to get your money :-)
Based on the success or failure of this new approach, the future of the other domains will be decided. It is up to you to decide if you wish to support this approach or if you prefer that I do like other content publishers and sell it instead for a large amount of money :-) I think the decision is a no-brainer...
The second requirement is that you must create an account (see link below) on our portal to access the material. As stated very clearly in our Usage Agreement: I will send you advertising from our sponsors once in a while, and this is the price to pay to be a CCCure portal member. I will never sell or give your email address to anyone else. I will pass messages from my sponsors, but they do not get access to your email address. The messages you will receive are related to higher education or security products; I do not send emails on male enhancement products, lottery schemes, etc... Usually we send only a few messages per month; you will not be inundated with traffic. Please read our Usage Agreement before joining.
Click on this link to create your account now
FLASH BASED TUTORIAL FOR EACH OF THE DOMAINS 
1. Domain 1 - System Security (Click this link to access the tutorial)
MP3 FILES FOR EACH DOMAIN 
- Domain 1 - System Security (Click here to listen to the MP3 online)
- Domain 1 - System Security (Click HERE to download a copy of the MP3 file to listen offline)
ARE YOU AN INSTRUCTOR, A TRAINING COMPANY, A COLLEGE, A UNIVERSITY ??
Our resources are NOT to be used within any commercial offering, bundle, media compilation without you obtaining a license first.
If you are an instructor, a training company, or a higher education institution, and you are interested in helping your students in their learning path and helping them achieve their certification goals, we will be pleased to license our resources for your own usage within your commercial offering.
We do have very attractive pricing for you and I am sure you will like it. Our license price is less than what you would pay for a few days of work from a skilled courseware developer. We have done the work and you can reap the rewards. Send me an email at clement(dot)dupuis[at]cccure(dot)com if you are interested.
Best regards to all
Clement
Hacking games: Key to finding cybersecurity talent Posted by cdupuis on Friday, 12 February 2010 @ 09:14:22 EST (474 reads) Topic In the News
Anonymous writes "To catch a thief, you must think like a thief - the best way to defend an asset is to get inside the head of the attacker and predict his actions. That's the opinion of Alan Paller, founder of the SANS Institute and creator of NetWars, an online cybersecurity simulation game in which contestants compete against each other by hacking into and controlling the game's 12 servers, leaving their user name in them to prove they did it. Last July, when NetWars was presented, the honor to play the first round was given to 75 students who have considerable knowledge of cyber attack and defense techniques. But of those, only one showed the kind of reasoning that can be linked to that of a hacker. According to Forbes, Michael Coppola, a 17-year-old high school junior, ignored the main targets and took control of the game's scorekeeping algorithm. At the end of the game, his score was three times higher than everybody else's. One could say that he was cheating, but thinking outside the box and the willingness to break the rules are the principal requirements for a hacker and, as Alan Paller would argue, they should be equally important for cyber defenders. "This is a skill we need Americans to have. But even more we need to find the ones who are already talented and make sure they're working for the good guys," he says. He sees NetWars, the Air Force's Cyber Patriot competition, the Department of Defense's Digital Forensics Challenge and other such competitions as a great method to discover and foster talented individuals who will become one of the 20,000 skilled cybersecurity experts America is in need of. But NetWars is fairly controversial because, unlike the other competitions mentioned, it focuses mainly on cyber offense. 
While Sanford Schlitt, coordinator of the Cyber Patriot competition, thinks that teaching kids to find vulnerabilities and exploiting them will result in the creation of hackers, some government agencies and even some companies think Paller is on the right track, and are offering internships to winners.
See original posting at: http://www.net-security.org/secworld.php?id=8859 "
More evidence of value of security certification Posted by cdupuis on Tuesday, 09 February 2010 @ 17:37:18 EST (512 reads) Topic In the News
Anonymous writes "This story appeared on Network World at http://www.networkworld.com/news/2010/020810-security-certification.html
More evidence of value of security certification
By M. E. Kabay, Network World February 08, 2010 12:04 AM ET
This is the second of five articles discussing the benefits (if any) of security certifications in the job market. In the first article, a number of studies suggested that certifications do indeed improve prospects for hiring and higher salaries.
In this article, I conclude the review of recent studies and surveys with yet more encouraging news for holders of security certifications.
* * *
In June 2008, NetworkWorld writer Jon Brodkin pointed out that "Overall, the value of 164 IT certifications measured by Foote dropped 4.9% the past two years and 1.6% in the six-month period ending April 1 [2008]." However, Brodkin wrote, "Some certifications are bucking the trend and rising in value. IT security certifications rose 3.1% in value over the past two years and 1.2% in value in the last six months. Certain types of security skills are seeing dramatic growth. A 27% rise in value was measured for the Certified Information Security Manager designation, just in the past six months. In second place with a 25% rise in the last six months was the GIAC Security Expert cert."
In a follow-up article, Brodkin reported on a survey carried out for the International Information Systems Security Certification Consortium, (ISC)^2, which showed "that holders of the CISSP, SSCP or CAP certifications who work in the Americas and have at least five years experience earn [an average of] $102,376 per year – more than $21,000 higher than IT pros who also have five years experience but lack the certifications."
Reporting on the popularity of security certifications, Joan Goodchild of CSO Magazine wrote about a CompTIA survey that came out in late October 2009. The study of more than 1,500 IT workers found that many of them planned to pass certifications in security, ethical hacking and digital forensics.
Goodchild added …[M]ore companies are requiring IT security certification…. [T]he number of organizations where IT security certification is required has increased by half and is continuing to grow; 32% of employees were required to have certifications in 2008, compared to 20% in 2006.
Foote Partners maintains a database with constant updates to produce its annual "IT Skills and Certifications Pay Index." The latest edition (as of this writing in the first week of January 2010) includes "data collected through January 1, 2010." A 55-page PDF sample of the $2,500, 305 page quarterly report ($9,750 for a year's worth of reports) is available free online to illustrate the format of the report (most of the charts have been redacted to blanks).
Among the 201 specializations studied by Foote Partners, 34 certifications specifically involve security, auditing, forensics or penetration testing.
Founder David Foote, who also serves as Foote Partners' CEO & Chief Research Officer, was quoted in a Dec. 31, 2009 interview in a Bank Information Security podcast as saying that "Information security is the hot career option for professionals in 2010 and beyond." He was also interviewed back in August 2009 by Carolyn Gibney of SearchSecurity and said much the same thing: "Foote says there's reason for those in the security industry to be optimistic."
The Jan. 5, 2010 issue of the System Administration and Network Security (SANS) NewsBites started with the following assertion in an advertisement for the organization's courses:
The hottest security skills employers are seeking for 2010:
1. Red teaming/penetration testing (systems/networks and applications)
2. Forensics
3. Security essentials
4. Reverse engineering malware
5. Auditing networks and systems (hands-on testing)
6. Intrusion detection
7. Security management and leadership
8. Securing virtual systems
9. CISSP certification
Plus: Effective presentation skills for security professionals.
This last point is important: in addition to technical skills, communications and management skills are valuable to IA professionals. Recently Paul Dorey, chairman of the Institute of Information Security Professionals in Britain, was quoted as follows:
"We are entering a time when IT security people are going to have to move from being merely advisers to the business to real professionals whose views are listened to," he said. As IT supports every aspect of life, security breaches become potentially life-threatening or disastrous for their organisations. Just as bridge designers and structural engineers work to common and consistent standards and are therefore respected, he said, so security professionals should command the same level of respect.
For that to happen, security professionals need to communicate effectively with a wide range of disciplines – including audit, risk assessment and compliance, IT and engineering. "They need to be like chameleons to fit into those disciplines," he said. "You may not become an expert in them all, but you must at least don the facade. ... Get some mentoring to help you understand them."
In the next article in this five-part series, I'll look at the wider context of certification and licensing for a range of professionals in the United States and point to the efforts beginning in the early 2000s to force certification for IA officers in the U.S. Department of Defense.
Read more about security in Network World's Security section.
All contents copyright 1995-2010 Network World, Inc. http://www.networkworld.com "
Is my network part of a Botnet -- How do I find out? Posted by cdupuis on Thursday, 04 February 2010 @ 19:01:28 EST (567 reads) Topic In the News
Welcome to BotHunter Central
Latest release: version 1.5
BotHunter is a U.S. Registered Trademark of SRI International, 2009. (1) Patent Pending.
BotHunter 1.5 Development Team: Phillip Porras (Lead), Martin Fong, Keith Skinner, Steven Dawson, Rukman Senanayake, Leigh Moulder
BotHunter is developed and maintained by the Computer Science Laboratory, SRI International.
BotHunter is the first, and still the best, network-based malware infection detection system out there. It tracks the two-way communication flows between your computer(s) and the Internet, comparing your network traffic against an abstract model of malware communication patterns.(1) Its goal is to catch bots and other coordination-centric malware infesting your network, and it is exceptionally effective. BotHunter will help you catch malware infections that go regularly undetected by antivirus systems and completely ignored by traditional intrusion detection systems. Let's find out who really owns your network.
Get BotHunter Now (FREE) and Check Out: BotHunter2Web
NOW HUNTING ON: Windows, Linux, FreeBSD, MacOS
A new version of [IN]SECURE magazine is ready for download Posted by cdupuis on Wednesday, 03 February 2010 @ 11:45:50 EST (398 reads) Topic In the News
DOWNLOAD ISSUE 24 HERE (February 2010)
- Writing a secure SOAP client with PHP: Field report from a real-world project
- How virtualized browsing shields against web-based attacks
- Review: 1Password 3
- Preparing a strategy for application vulnerability detection
- Threats 2.0: A glimpse into the near future
- Preventing malicious documents from compromising Windows machines
- Balancing productivity and security in a mixed environment
- AES and 3DES comparison analysis
- OSSEC: An introduction to open source log and event management
- Secure and differentiated access in enterprise wireless networks
- AND MORE!
The H Security: Scareware becomes ransomware again Posted by cdupuis on Monday, 01 February 2010 @ 06:42:20 EST (508 reads) Topic In the News
Data Doctor 2010 will allegedly repair files, for a price. Rather than infected files, the latest scareware uses allegedly corrupted files to alarm users. The setup work is performed by a trojan known as W32/DatCrypt, which encrypts files including office, image and MP3 files. When the user then tries to open any of these files, Windows reports them as being corrupted.
Where previous encrypting trojans, such as GPCoder, have demanded a payment from the victim in order to decrypt files (ransomware), the criminals behind this particular attack have taken a more brazen tack. They offer the victim a program called Data Doctor 2010, which will allegedly repair the files, for download. The 'trial version' of Data Doctor downloaded then reports that it is only able to repair a single file, and that repairing all the user's files will require the full version costing around €90.
Happily for victims, anti-virus software vendor Sunbelt has provided a free downloadable tool (direct download) for repairing files without the intervention of Data Doctor. The tool simply decrypts the encrypted files, which use a simple encryption algorithm. Malware specialist FireEye reported a similar case back in early 2009. The alleged repair tool in that case was entitled FileFix Pro 2009 and was priced at €50.
Meanwhile Eset is warning of a new worm called Zimuse, which overwrites the master boot record on infected systems. BitDefender has also issued a warning about Zimuse, but claims that it destroys hard drives using malicious code. What is unanimously agreed is it does not do so immediately upon infecting a system but, depending on the variant, 20 or 40 days later by rendering the system unbootable. It is usually possible, however, to repair the system by using a repair CD to restore the MBR, allowing a normal Windows installation to once more boot.
Zimuse is being spread via infected USB sticks and via the web as a downloadable IQ test. Eset believes that the malware was originally targeted at members of a Slovakian bikers' club. Most initial reports on the spread of the worm came from Slovakia, but this has now been overtaken by the USA, followed by Slovenia, Thailand, Spain, Italy and the Czech Republic. Eset has provided a tool for removing the malware, but this is only useful before the MBR has been overwritten.
New logo for the CCCure Family of Portals Posted by cdupuis on Friday, 29 January 2010 @ 23:16:55 EST (446 reads) Topic In the News
Today I am happy to present our new logo:
Our new logo represents very well the mission of CCCure and its family of portals.
It shows that our mission is Education, Information System Security, helping people worldwide.
Every month we have people from more than 125 countries that are making use of our portals. That's over 100,000 unique visitors overall. We are proud today to show our new identity, the next time you see it you will know it is not a clone, a rogue, or a fake. It is the real thing.
Thanks to all who supported us over the past ten years.
Best regards
Clement, Nathalie, and Alain
Site Owners and Maintainers
What is rogue security software? Posted by cdupuis on Thursday, 28 January 2010 @ 15:10:38 EST (526 reads) Topic In the News
NOTE FROM CLEMENT:
Not too long ago I was asked in class what the name is of those pop-ups that suggest tools to stop malware. I know exactly what they do, but I was not sure about the exact name or jargon used for it. Today I have seen my answer on Lavasoft.com:
Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. Some products defined as "rogue" simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying the product.
Why do you need to know about rogues?
Unfortunately for computer users, the number of rogue security and anti-malware software, also commonly referred to as "scareware", found online is rising at ever-increasing rates, blurring the lines between legitimate software and applications that put consumers in harm's way. And that means that instead of purchasing a program to protect your PC, you may actually be playing into the hands of cyber scammers, falling for bogus software specifically designed to mislead you.
What can you do to keep from falling for rogue programs?
- Do not fall for scare tactics. While browsing sites, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
- Use security software and keep it up-to-date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts you receive that do not come from your chosen security software provider. (Rogue security software will often try to lure computer users by using legitimate-looking pop-up messages that appear to be security alerts.) Also, most anti-malware programs, like Ad-Aware, will help keep you protected from rogues because they can find and detect these programs.
- Access experts at the Lavasoft Support Forums or other security forums and ask about the software you are considering before you decide to purchase it.
- Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products. You can also refer to Lavasoft’s Rogue Gallery to check to see if a program in question is listed as a rogue.
- Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.
- Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine - meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites.
From Lavasoft library at: http://www.lavasoft.com/mylavasoft/rogues/help
News from the Pauldotcom Crew Posted by cdupuis on Friday, 15 January 2010 @ 20:48:56 EST (613 reads) Topic In the News
All: First, I would like to thank all of you for participating in our community Forum (http://forum.pauldotcom.com).
I wanted to give you a brief update on some of the things happening at PaulDotCom and invite you to our new community site called "PaulDotCom Insider". As some of you already know we are launching our own webcast series. This is a very important step for us in order to maintain our sponsors and help fund PaulDotCom. There are two webcasts happening this month, and both give you a chance to win a FREE Ipod Nano! Information is below:

Title: Practical Client-Side Exploitation Kung Fu
Description: In this webcast we will explore the tools & techniques needed to perform successful client-side exploitation. Practical methods for information gathering, target selection, and exploit delivery will be covered.
Date: Thursday, January 21, 2010
Time: 2:00 PM - 3:00 PM EST
Sponsor: Core Security Technologies
Register Here: https://www1.gotomeeting.com/register/171250512

Title: Practical Web Application Pen Testing Kung Fu
Description: In this session John & Paul will guide you to performing more successful web application penetration testing. You will learn how to balance automated tools with manual testing, strike vulnerabilities with the highest chance of exploitation, and more!
Date: Tuesday, January 26, 2010
Time: 2:00 PM - 3:00 PM EST
Sponsor: Cenzic
Register Here: https://www1.gotomeeting.com/register/290940024

I would also like to invite you to join our new, work in progress, insider community. The "PaulDotCom Insider" will provide exclusive access to premium PaulDotCom content. The invitation link is as follows: http://pauldotcom.ning.com/?xgi=2Br1mRu8PUjiw8 We still plan to keep the current Forum as it stands today. Thanks for your help and support! Cheers,
Paul
--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
_______________________________________________
Pauldotcom-forum mailing list
Pauldotcom-forum@mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom-forum
New Magazine: Hack In The Box (HITB) Ezine is launched Posted by cdupuis on Thursday, 14 January 2010 @ 18:59:32 EST (552 reads) Topic In the News
Welcome to 2010! We are proud to announce the immediate availability of our newly "reborn" HITB ezine! You can grab your digital copies here: https://www.hackinthebox.org/misc/HITB-Ezine-Issue-001.pdf As some of you may know, we've previously had an ezine that used to be published monthly, however the birth of the HITBSecConf conference series has kept us too busy to continue working on it. Until now that is... As with our conference series, the main purpose of this new format ezine is to provide security researchers a technical outlet for them to share their knowledge with the security community. We want these researchers to gain further recognition for their hard work and we have no doubt the security community will find the material beneficial to them. We have decided to make the ezine available for free in the continued spirit of HITB in "Keeping Knowledge Free". In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConf's around the world - Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 or 200 copies (maybe less) per conference so be sure to grab a copy when they come out! Happy New Year once again and we hope you enjoy the zine!
Encryption code for DECT mobile phones cracked Posted by cdupuis on Monday, 04 January 2010 @ 09:42:55 EST (551 reads) Topic In the News
Anonymous writes "HERE IS ANOTHER GREAT PIECE OF NEWS FROM THE H SECURITY WEBSITE:
In addition to the crypto algorithm of the GSM mobile telephony standard, security researchers have also cracked the encryption code for calls from cordless phones that are based on the widely used Digital Enhanced Cordless Telecommunication (DECT) standard. This was announced by members of the deDECTed.org project group at the 26th Chaos Communication Congress (26C3) in Berlin on Tuesday. According to the researchers, the respective key used can be extracted from intercepted data traffic with a reasonable amount of effort. The experts think that such prep work will make the DECT Standard Cipher (DSC) "increasingly easier and faster to crack".
At last year's hacker conference, members of deDECTed had already pointed out severe flaws in the implementation of the DECT security features. They had used a modified laptop card and a Linux computer for intercepting DECT phones. When running their tests, the researchers noticed that occasionally no encryption process whatsoever exists between the transmitting base station and the handset. Often, the handset simply authenticates itself at the base station in the same way that is stipulated by the GSM mobile telephony standard. In other devices, the base station did authenticate itself, but without encryption. In all of these cases, the hackers were able to record active conversations in plain text.
At the time, however, the group was unable to successfully simulate an attack on the secret DSC. Now, the researchers have made further progress, which effectively means that phone conversations via DECT devices must be considered insecure even if a vendor has correctly implemented the standard's prescribed encryption features. According to crypto researcher Karsten Nohl, who has since joined the deDECTed team, one of the reasons for this is that engineers already worked sloppily when implementing the encryption code, reducing the initially planned additional process security measures such as redundant rounds in favour of a faster encryption.
The experts soon found first indications that "something's wrong with the encryption" of DECT, said Nohl. According to the researcher, the use of a proprietary cryptography standard whose operational principles are undisclosed, for instance, almost guarantees that the process will be easy to crack. The researchers were reportedly also unable to locate a good method for generating the random numbers required by the encryption mechanism. They generally found "a lot of design flaws", said Nohl. For instance, the wireless standard fully trusts the base station although the secret key is stored in the handset, he said.
According to Darmstadt-based crypto researcher Erik Tews, DSC is slightly more sophisticated than its A5/1 counterpart for GSM. An illustration in the relevant patent document shows that the algorithm consists of four registers with a total of 80 bits, he explained. The generated keys are reportedly loaded by a control unit at irregular time intervals. This process is always preceded by 40 redundant rounds, which simplifies intercepting the encrypted data stream, said the researcher. Furthermore, the hackers reportedly found a write command that proved useful in reverse engineering.
Tews described a laborious piecemeal process in which the researchers repeatedly used algebraic methods and a modified variant of a Linux-based DECT protocol stack to compare the assumed sequences within the encryption registers with the actual data they measured. Once they had found a few "crack here" signs, they started a linear cryptanalysis, he said. This reportedly enabled them to establish a register's number of clock cycles with a probability of 12 per cent. By evaluating half a million intercepted encrypted data streams, the researchers then reportedly managed to crack the DSC on a PC. The group intends to publish more details in mid January.
It was also necessary to figure out the precise operation of the DECT encryption code, Tews explained the group's next steps; one way of achieving this is to analyse the control traffic via the "A field" of the cordless phone's appropriate C channel, said the researcher. In addition to the dialled number sequences or constantly updated information about the duration of the current conversation, this traffic apparently also contains the required "keystream". The researchers reportedly needed 24 hours of recorded data material to establish the actual key used. Evaluating the B field, which generally contains voice data, reportedly allows the process to be completed much faster based on three hours of data traffic. However, this requires silence to be transmitted, said Tews. This is apparently the case when the handset is used as a "bug", for example when used as a baby monitor.
Before the presentation, the researchers informed the DECT forum of their findings. The alliance behind the standard acknowledged the vulnerabilities and referred the researchers to a new, open cryptography approach it is co-developing with the European Telecommunications Standards Institute (ETSI). An appropriate short-term update of DECT is reportedly already scheduled to be adopted in spring 2010. The forum is apparently also in the process of establishing a formal certification procedure for DECT-based devices and intends to discuss further improvements with the deDECTed team. Until then, the group itself recommends that users only buy phones whose firmware they can update manually. In general, it is advisable to keep conversations on cordless phones short and avoid silence, said the experts.
URL of this Article: http://www.h-online.com/security/news/item/26C3-Encryption-code-for-DECT-mobile-phones-cracked-893794.html
Links in this Article:
[1] http://www.h-online.com/news/item/26C3-GSM-hacking-made-easy-893245.html
[2] https://dedected.org/trac
[3] http://events.ccc.de/congress/2009/
[4] http://www.h-online.com/news/item/DECT-Forum-Cordless-phone-vulnerabilities-present-a-low-privacy-risk-739653.html
[5] http://en.wikipedia.org/wiki/Linear_cryptanalysis
[6] http://www.dect.org/
[7] http://www.dect.org/userfiles/file/Press%20releases/DF_Press%20Information_Security%20Certification_12232009.pdf
[8] http://www.etsi.org/ "
26C3: GSM hacking made easy Posted by cdupuis on Monday, 04 January 2010 @ 09:39:18 EST (667 reads) Topic In the News
Anonymous writes "On Sunday 27th of December at the 26th Chaos Communication Congress (26C3) in Berlin, security researchers published open source instructions for cracking the A5/1 mobile telephony encryption algorithm and for building an IMSI catcher that intercepts mobile phone communication. The Global System for Mobile Communications (GSM) standard for digital mobile phone networks, which is used by around four billion people in 200 countries, is quite insecure, explained cryptography expert Karsten Nohl in front of a large audience of hackers. While this has been known in academic circles since 1994, the evidence now produced leaves "no more room for playing hide and seek" said Nohl.
Nohl started his project for creating publicly available proof of the security holes in mobile phone communication systems last summer. The basic issue is a distributed passive attack on A5/1. This crypto algorithm, which has been considered insecure by the experts for a long time, uses a key that is allegedly short enough to make it susceptible to relatively simple attacks based, for instance, on a phone book lookup. To speed up such an – otherwise very time-consuming – attack, Nohl's freely available software employs various tricks. For instance, it uses modern graphics cards with CUDA support for the computations, distributes tasks across various computers on a network and compresses the code book and tables containing procedures such as the generation of rainbow tables so that they require less room and run faster.
Nohl and his team say they found the secret key for A5/1, which opens the door for intercepting GSM communication, more effortlessly than they had anticipated. "We thought we'd need six months, but we managed to do it with forty computers in three months instead", said the hardware hacker, who intends to demonstrate the actual process of cracking the algorithm in front of an audience at a separate 26C3 workshop on Wednesday. Among the factors working in favour of the hackers was that GSM apparently reveals a larger stream of key data than researchers assumed in earlier attacks.
According to Nohl, even the GSMA industry association, which is behind GSM, saw itself forced to offer tips on how to proceed after receiving the first indications of the newly discovered vulnerabilities. Nohl said the association pointed out that the main security aspect of GSM was not the encryption standard itself, but the method for changing the transmission channels used. Therefore, a hacker would need a receiving station and a program for processing the raw data. It appears the GSMA didn't realise that such a computer system can already be built by using the free OpenBTS software to set up a GSM base station.
This system can be used to intercept large portions of a network operator's communication spectrum and two such devices allow attackers to track down the channel changes and the secret key, said Nohl. According to the researcher, a corresponding implementation is currently being developed.
OpenBTS and the free Asterisk software for telephone systems previously helped the security experts build a budget IMSI catcher for active attacks on GSM. While the equivalent devices, mainly used by the German police and intelligence agencies to locate mobile phone users, can be purchased for around 1500 US dollars, the open source solution provides an even more low-cost alternative, said Nohl.
The only other things required are a USRP (Universal Software Radio Peripheral) board and a separate 52 MHz clock, because the 64 MHz version isn't stable enough, said Nohl's colleague Chris Paget. The researchers explained that the home-made IMSI catcher needs to be configured in such a way that it sends out an operator's Mobile Country Code (MCC) and Mobile Network Code (MNC). If the signal is stronger than that of an official mobile telephony network's base station, the mobile phones in its range reportedly register with their IMSI numbers. The intercepted data can then apparently be decoded with Wireshark or caught using the Airprobe software.
Paget emphasised that the researchers have not used their open source solution on any operator's active mobile phone network, pointing out that this is illegal. However, the researchers were able to use the IMSI catcher for identifying serious GSM implementation flaws in a test environment, for instance, a current generation iPhone smoothly connected to a fictitious network created by the listening device. Even when the device gave an entirely different GSM frequency used in the US the connection could still be established, said the researchers. In addition, the hackers said they managed to influence the authentication process between the mobile phone and the base station in such a way that the phone in question froze completely and had to have its power disconnected. According to other reports from China, the colleagues of a student were still presented with "OpenBTS" as their apparent network operator long after a test with a comparable IMSI catcher had swiftly been terminated.
To Paget, this proves that "there are incredible flaws in every GSM protocol stack." Device manufacturers and mobile telephony providers only appear to check whether a phone is compatible with the respective protocol, he added. There is reportedly no checking of the interaction between the phone and the base station. Nohl believes that, on the whole, "GSM security needs a complete overhaul." The researcher doubts whether switching to A5/3 really solves the issue. According to a presentation by experts at the Asiacrypt conference a few weeks ago, this A5/1 successor could also prove too weak. While common keys are used for both methods, further attacks on the unsafe A5/1 are apparently also possible. According to Nohl, the relative ease with which the algorithm can be cracked is also likely to have an effect on networks like GPRS and 3G, because these networks also use encryption standards of the A5 family.
URL of this Article: http://www.h-online.com/security/news/item/26C3-GSM-hacking-made-easy-893245.html
Links in this Article:
[1] http://events.ccc.de/congress/2009/
[2] http://www.h-online.com/news/item/GSM-to-feel-the-heat-from-open-source-project-743127.html
[3] http://reflextor.com/trac/a51
[4] http://www.gsmworld.com/
[5] http://en.wikipedia.org/wiki/OpenBTS
[6] http://en.wikipedia.org/wiki/Universal_Software_Radio_Peripheral
[7] http://en.wikipedia.org/wiki/Mobile_Country_Code
[8] http://en.wikipedia.org/wiki/Mobile_Network_Code
[9] http://www.wireshark.org/
[10] https://svn.berlin.ccc.de/projects/airprobe/
[11] http://asiacrypt2009.cipher.risk.tsukuba.ac.jp/ "
Vigilar Intense School is now closed Posted by cdupuis on Tuesday, 22 December 2009 @ 21:23:32 EST (1258 reads) Topic In the News
NOTE FROM CLEMENT:
Vigilar Intense School is now closed and no longer in business.
Employees and instructors were told the very sad news last week. Once again it is a case of bankruptcy, and many instructors, suppliers, and others will not get paid. The decision was a total surprise to the employees, and unfortunately many of them will never be paid for the classes they have delivered. The worst off are the clients who have bought classes that will not be delivered, or clients who have bought large quantities of vouchers now worth absolutely nothing, some of them losing their yearly training budget. This is the tragedy in all of this. Why they were still taking orders and people's money the day before closing, I do not understand. To say the least, this is extremely unfortunate at this time of the year.
I know that some of you will be out of luck for your training. We are always willing to help; please contact Security University and we can definitely help you readjust and move forward with your training needs. Visit the SU website or call Sondra at:
Sondra J. Schneider Founder & CEO, Security University 109 Weed Ave Stamford CT 06902 work 203.357.7744 cell 203.249.8364 www.securityuniversity.net
Below is an extract from a message posted by Barry Kaufman on one of the public forums, where he talks about the closure:
Message from Barry on Intense School
Dear Friends and Colleagues,
There are a lot of you and so I am writing this to you all at once.
On Wednesday I was cut off of email at Vigilar, and then laid off on Friday.
Vigilar is shutting its doors; senior management pursued several different avenues to save the whole business, but was unsuccessful.
As I understand it there were many factors that led to the company’s demise, but ultimately the combination of a very tight (capricious even) credit market along with problems in our other business units led to this outcome.
When a merger agreement fell apart several weeks ago the senior (controlling) creditors of Vigilar elected to shut the business down. They closed Vigilar's product business 2 weeks ago, and then decided this past Friday to shut down the Intense School, instead of continuing with a solution to keep Intense School alive. I am very sorry that this has happened; Intense School, although just a brand of Vigilar for the last 4.5 years, has been a very important part of many of our lives; while we fought hard to keep it alive, what has happened has been beyond my control.
As I am no longer an employee of Vigilar, I cannot advise you on AP issues, but suggest that if you have AP remaining, contact AP@vigilar.com.
MessageLabs Intelligence Annual Security Report for 2009 - Botnets Bounce Back Posted by cdupuis on Wednesday, 09 December 2009 @ 08:50:50 EST (1041 reads) Topic In the News
Dear MessageLabs Intelligence Subscriber,
Welcome to the MessageLabs Intelligence Annual Security Report for 2009.
This year has been a turbulent year for spam activity, with average spam levels reaching 87.7 percent, but with highs and lows of 90.4 percent in May and 73.3 percent in February respectively. With compromised computers issuing 83.4 percent of the 107 billion spam messages distributed globally per day on average, the shutdown of botnet-hosting ISPs, such as McColo in late 2008 and Real Host in August 2009, appeared to make botnets re-evaluate and enhance their command and control backup strategy, enabling recovery to take hours rather than weeks or months.
Botnets continued to rule the cyber security landscape in 2009 with the ten major spam-sending heavyweight botnets, including Cutwail, Rustock and Mega-D, now controlling at least five million compromised computers around the world. Cutwail was a dominating force across both spam and malware in 2009, responsible for issuing 29 percent of all spam or 8,500 billion spam messages between April and November 2009. Cutwail also used its strength to spam out emails containing the Bredolab Trojan dropper, disguised in the form of a .ZIP file attachment. One of the major threats of 2009, the Bredolab Trojan was designed to give the sender complete control of the target computer which then could be used to deploy other botnet malware, adware or spyware onto the victim’s computer.
2009 was the year that the threat landscape sharpened its skills, rather than just relying on large spam runs and malware attacks. We intercepted more variants with increased sophistication, efficiency as well as improvements in technology. We stopped more than 21 million different types of spam campaigns in 2009, more than twice the amount seen in 2008, and saw a 23 percent increase in malware variants year-on-year. The significant increases suggest that, thanks to the increased availability of specialized criminal toolkits, it was easier to create, distribute and use spam and malware than ever before.
In the first half of 2009, the global credit crisis was linked to many finance-related attacks as spammers and criminals sought to take advantage of the uncertainty surrounding the global economic downturn. In 2009, 90.6 percent of spam contained a hyperlink, driven predominantly by an upsurge in the second half of the year in the use of shortened URLs in spam runs, which helped disguise the true website that the user would be visiting and made it harder for traditional anti-spam filters to identify the messages as spam. URL shortening was frequently used on social networking and micro-blogging sites and is popular among online criminals because of the inherent trust relationships that exist between users of these sites.
World events, annual festivities and other news stories also contributed to many spam themes in 2009 including St. Valentine’s Day, the H1N1 flu pandemic and the deaths of celebrities including singer Michael Jackson and actor Patrick Swayze. Malware writers and even 419-type advance fee fraud campaigners also got in on the act and in the example of the death of Michael Jackson, the first examples, including a Brazilian banking Trojan distributed in malicious hyperlinks, appeared in the days following his death.
Although sophistication and innovation are at the forefront of some of the attacks we see, predictability also plays a large part in the day-to-day threat landscape. The security industry as a whole talks about themed attacks, such as those surrounding Valentine’s Day, Christmas, and celebrity deaths; however, the frequency and volume of these attacks suggest that the cyber criminals are still achieving the results desired, or their tactics would have changed.
Finally, CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) came under increased scrutiny this year as CAPTCHA-breaking tools have been readily traded in the underground economy, allowing cyber criminals to create large numbers of real accounts for webmail, instant messaging and social networking websites. There has been an emergence of businesses that specialize in providing real people to create real accounts on major webmail services on a 24-hour basis. Often advertised as a data processing job, each worker can be expected to receive approximately two to three U.S. dollars per 1,000 accounts created; accounts are then sold on to spammers for around $30 to $40. Some major sites are already investigating alternatives to the swirling letters and numbers, such as large libraries of photographic images, in which the user must be able to analyze or interact with the image in a way that would be very challenging for a computer program.
The MessageLabs Intelligence Annual Security Report for 2009 provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available as a PDF and can be freely downloaded with the accompanying podcast at messagelabs.com/intelligence.
Download the report at:
http://mlabs.twconnect.com/link/17522/6527845/95e47ef4efd0b0a91b0e7cfef115466c
Best regards,
Paul Wood
MessageLabs Intelligence Senior Analyst Symantec Hosted Services